5 steps to critical infrastructure collaboration
- By Randy James, John Paczkowski
- Jun 10, 2019
The days of simply protecting critical infrastructure with guns, gates and guards or combating cyber threats solely with IT data and network protection are fleeting. Today's threats are many and varied, as our physical and digital worlds become increasingly interconnected. They stretch all the way from contested regions around the globe back to the U.S. homeland -- a country that is no longer the sanctuary it once was.
Emerging threats -- including the proliferation of weapons of mass destruction, information warfare against our election system, cyberattacks targeting both defense and civilian networks and even the recent Huawei indictments -- put our nation's military capability, critical infrastructure, democratic institutions and even the safety of everyday civilians at risk.
In today's threat landscape, our national defense strategy must incorporate a new, more robust and integrated "whole-of-nation" approach to homeland security. The plan must coordinate the assessment of defense and homeland security threats and synchronize how we address civilian critical infrastructure security and military mission assurance interdependencies. But the million-dollar question among government and industry leaders is not why we must adopt this approach -- it's how.
The hard truth is that we are emerging from the longest period of conflict in our nation's history. Threats at home have too often been overshadowed by a national preoccupation with terrorism and overseas counterinsurgency post-9/11. Accordingly, senior national security officials are now confronted with the very real challenges of perceived institutional barriers, lack of mutual trust and confusion over existing authorities and information-sharing forums. A new and unprecedented level of interagency and civil-military collaboration is now required -- and must be reflected in the national defense strategy.
Since the Department of Homeland Security's creation, measured progress has been made to establish new mechanisms for information sharing on homeland security threats and risks to domestic civilian critical infrastructure. Likewise, the Department of Defense has made steady efforts to improve mission assurance risk management for defense-specific assets, networks and systems. However, these threats are accelerating and morphing at a rate that has the potential to exceed our nation's capacity to respond. Further, these efforts to identify and mitigate such risks have largely evolved independently and without the level of integration that the new threat landscape requires.
There is no daylight between the armed forces and private industries of our most threatening adversaries, as they mutually work with and support each other to gain both competitive and military advantage. That is why, now more than ever, U.S. government and private sector leaders must collaborate to overcome evolving hurdles and build on existing momentum to encourage:
- Aggressive joint DHS, DOD and private sector exploitation of new initiatives. Specifically, the national security community should look to the newly created Cybersecurity and Infrastructure Security Agency and its National Risk Management Center to fuse a common understanding of shared civil-military-industry threats, risks and interdependencies.
- Sharing of Best Practices in threat risk assessment. Leaders need to utilize DHS Regional Resiliency Assessment Program initiatives as a platform for exploring civil-military-industry collaboration and the refinement of those practices in support of DOD warfighting commands.
- Comprehensive review of the sector-partnership model. Leaders need to use the collaboration model embedded in the National Infrastructure Protection Plan and associated legislation to identify gaps that inhibit -- or strategies that enhance -- greater civil-military-industry unity of effort.
- Transparent and secure information sharing among DOD, DHS, industry and academia. Leaders need to continue to break down silos that limit information sharing in the pursuit of system-level and region-wide risk interdependency analysis and risk mitigation.
- Implementation of new executive-level forums for government and private sector leaders. Leaders need to raise awareness around the importance of mission assurance strategies and actively engage each other in the advancement of national security risk management policy and best practices.
When it comes to national security, there is no longer a "home game" and "away game." The "let's fight them there, so we don't have to fight them here" philosophy simply isn't valid anymore. Threats multiply daily, but so do opportunities for government and industry to work together. Jointly, we can achieve higher levels of cyber and physical infrastructure resilience to keep our most vital assets, networks and systems operating under duress or outright attack.
While steps are being taken at the DHS and DOD levels to organize and invigorate our nation's approach to assessing emerging threats and strategic risks, it's up to government and industry leaders and our elected officials to move the needle in a more meaningful way. This starts with understanding the present dangers of this new threat landscape and instilling a more integrated, collaborative mentality into agencies' practices and strategies at the working-level.
An agile, whole-of-nation approach to cyber and physical infrastructure resilience is not out of reach -- but it will take breaking the status quo and increasing public-private sector collaboration to get there.
Randy James is the Senior Vice President and General Manager -- Cybersecurity and Resilience at ICF.
John Paczkowski is the Senior Vice President -- Homeland Security and National Resilience at ICF.